import express from 'express';
import {
  getPermissions,
  getPermissionById,
  createPermission,
  updatePermission,
  deletePermission
} from '../controllers/permissionController.js';
import { auth, hasPermission } from '../middleware/auth.js';

const router = express.Router();

// 受保护路由
router.get('/', 
  auth, 
  hasPermission('read_permissions'), 
  getPermissions);
router.get('/:id', 
  auth, 
  hasPermission('read_permissions'), 
  getPermissionById);
router.post('/', 
  auth, 
  hasPermission('manage_permissions'), 
  createPermission);
router.put('/:id', 
  auth, 
  hasPermission('manage_permissions'), 
  updatePermission);
router.delete('/:id', 
  auth, 
  hasPermission('manage_permissions'), 
  deletePermission);

export default router;